The 'ORACLE.EXE' binary does not implement sufficient bounds checking on external data which is copied into local memory buffers.

An attacker may exploit this problem to corrupt sensitive regions of memory, in an effort to execute arbitrary code. Code will be executed with the privileges of the underlying server. This issue may only be exploited if a client application does not place bounds limits on externally supplied data before passing it to Oracle.